Notes on using terraform-hcloud-kube-hetzner
The project terraform-hcloud-kube-hetzner provides a Kubernetes cluster setup on the Hetzner cloud using OpenTofu/Terraform. Using this setup with this plugin requires additional configuration which is described on this page.
This setup uses SELinux to protect the cluster, which prevents Velero file system backups from working. SELinux has to be configured to allow them again.
Perform the following steps for each worker node:
Connect with SSH to the worker node (where 123.45.67.89 is the IP address of the node and ~/.ssh/id_ed25519 the path to the SSH key used for that node). The -o StrictHostKeyChecking=no option makes ssh accept the node's host key without verifying it:
ssh <user>@123.45.67.89 -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no
Create a file called fsb_files_policy.te with the following content:
module fsb_files_policy 1.0;
require {
type container_file_t;
type container_t;
class lnk_file read;
}
#============= container_t ==============
allow container_t container_file_t:lnk_file read;
Apply it by running:
checkmodule -m -o fsb_files_policy.mod fsb_files_policy.te
semodule_package -o fsb_files_policy.pp -m fsb_files_policy.mod
semodule -i fsb_files_policy.pp
You can quit the SSH session with exit or CTRL-D. The worker node is now configured.
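The module above grants exactly one permission, so it only helps if the denial that breaks the backup is that one. The following added example (not part of the original page or of either project) classifies SELinux AVC denial lines against that single rule. It assumes the denials appear in the standard audit-log AVC format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: check AVC denials against the one rule in fsb_files_policy.te:
#   allow container_t container_file_t:lnk_file read;

# Reads audit-log lines on stdin and prints one line per AVC denial:
#   covered|uncovered <source_type> <target_type>:<class> { <perms> }
# "covered" means every denied permission is granted by the rule above.
classify_avc() {
    awk '
    /avc:/ && /denied/ {
        src = ""; tgt = ""; cls = ""; perms = ""
        # Denied permissions are listed between "{" and "}".
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
        }
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level, so the type is field 3.
            if ($i ~ /^scontext=/)      { split(substr($i, 10), c, ":"); src = c[3] }
            else if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); tgt = c[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        ok = (src == "container_t" && tgt == "container_file_t" &&
              cls == "lnk_file" && perms == "read")
        printf "%s %s %s:%s { %s }\n", (ok ? "covered" : "uncovered"), src, tgt, cls, perms
    }'
}

# Constructed sample input (not taken from a real node).
sample_avc_log() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=4101 comm="velero" name="data" dev="sda3" ino=1001 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=system_u:object_r:container_file_t:s0:c30,c40 tclass=lnk_file permissive=0
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=no exit=-13
type=AVC msg=audit(1700000000.202:502): avc:  denied  { write } for  pid=4101 comm="velero" name="state" dev="sda3" ino=1002 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=system_u:object_r:container_file_t:s0:c30,c40 tclass=file permissive=0
type=AVC msg=audit(1700000000.303:503): avc:  denied  { read } for  pid=4101 comm="velero" name="lib" dev="sda3" ino=1003 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=system_u:object_r:var_lib_t:s0 tclass=lnk_file permissive=0
EOF
}

sample_avc_log | classify_avc
```

Lines reported as uncovered are denials that this module does not address; they need their own review rather than a broader allow rule.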